Privacy & Data Protection Practitioner

Accredited training course (EXIN) & certification exam

With the ever-increasing volume of information flooding the internet, every company needs to plan how to manage and protect the privacy of persons and their data. Not without reason, many new laws, in the EU as well as in the USA and many other regions, are being introduced to regulate both.

In the EU, the General Data Protection Regulation (GDPR) is already in force, meaning that all organizations concerned need to comply with specific rules. The EXIN practitioner certificate builds on the subjects covered by the Foundation certification by focusing on the development and implementation of policies and procedures to comply with existing and new legislation, on the application of privacy and data protection guidelines and best practices, and on establishing a Privacy organization and Data Protection Management System.

EXIN Privacy and Data Protection Practitioner is an advanced-level certification that validates a professional’s knowledge and understanding of the European privacy (data protection) legislation. The exam looks at the international relevance of these regulations and tests the individual’s ability to apply this knowledge and understanding in everyday professional practice.


The certification Privacy & Data Protection Practitioner (EXIN) will be particularly useful to:

  • Data Protection Officers (DPOs),
  • Privacy Officers, Legal,
  • Compliance Officers,
  • Security Officers,
  • Business Continuity Managers,
  • Data Controllers,
  • Data Protection Auditors (internal and external),
  • Privacy Analysts,
  • and HR managers.

The Privacy & Data Protection cycle is aligned with European legislation and regulations and more particularly with the GDPR.


The mandatory requirements to take the PDP Practitioner exam are:

  • Successful completion of the EXIN Privacy & Data Protection Practitioner exam;
  • Accredited EXIN Privacy & Data Protection Practitioner training, including completion of the Practical Assignments.

Course syllabus

Welcome & Introduction

Data Protection Policies (10%)

  • Purpose of the Data Protection and Privacy Policies within an Organization (5%)
  • Data Protection by Design and by Default (5%)

Managing and Organizing Data Protection (32.5%)

  • Phases of the Data Protection Management System (DPMS) (32.5%)

Roles of the Controller, Processor and Data Protection Officer (DPO) (17.5%)

  • Roles of the Controller and Processor (10%)
  • Role and Responsibilities of a DPO (7.5%)

Data Protection Impact Assessment (DPIA) (27.5%)

  • Criteria for a DPIA (15%)
  • Steps of a DPIA (12.5%)

Data Breaches, Notification and Incident Response (12.5%)

  • GDPR Requirements with Regard to Personal Data Breaches (2.5%)
  • Requirements for Notification (10%)

Preparation for certification

EXIN Privacy & Data Protection Practitioner Exam (120 min)

Closing and questions


The official EXIN Privacy & Data Protection Practitioner Exam is included in our training package.

The exam can take place in paper format or online at the end of the training and be supervised by the trainer. The result is communicated to the candidate immediately at the end of the test.
The exam can also be administered online after the course. In that case, a voucher is provided at course completion.

The exam is designed to test the learner’s knowledge of Privacy & Data Protection, as opposed to memorization, and is tied to the learning objectives of the course. The exam format will include:

  • 40 questions
  • Multiple choice
  • 120 minutes
  • One correct answer for each question, using four choices (A, B, C or D)
  • Pass rate is 65% or higher
  • The GDPR text may be consulted throughout the exam. It is provided as an appendix to the digital exam. Candidates are required to bring their own copy for paper-based exams.
  • No electronic equipment/aids permitted

The exam is available in English only.

The Privacy & Data Protection Foundation certificate is a prerequisite for the Data Protection Officer Certificate (DPO).


Alain Bonneaud
CISA® - CISM® - CGEIT® - COBIT® - ISO 27001 - ITIL® - PRINCE2® - RESILIA® - VeriSM™ - ISO 20000 - DevOps

Terms & Conditions

The following terms and conditions apply for bookings:

  • the session is led by a trainer accredited by EXIN on the Privacy & Data Protection domain,
  • personalized welcome in the classroom with mineral water and breaks,
  • accredited training material,
  • the official GDPR publication (electronic document),
  • exam preparation,
  • a group of 10 participants max. in order to ensure the quality of the training delivery.



Course fees must be paid at least 10 working days prior to the commencement of the course in order to guarantee your place. We accept payment by Direct Debit, credit card, PayPal or bank transfer. Payments made by credit card will incur the following charges: MasterCard (1.5%), Visa (1.5%), American Express (3.0%).


Go Green: all our material is delivered electronically.